Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-10-05 | CVE-2012-4090 | Permissions, Privileges, and Access Controls vulnerability in Cisco products The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089. | 4.0 |
| 2013-10-05 | CVE-2012-4084 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Computing System Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCtg20755. | 6.8 |
| 2013-10-03 | CVE-2013-5519 | Cross-Site Scripting vulnerability in Cisco Wireless LAN Controller Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810. | 4.3 |
| 2013-10-03 | CVE-2012-4136 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the cluster service to the management interface, which allows remote attackers to obtain sensitive information or cause a denial of service (peer-syncing outage) via a TELNET connection, aka Bug ID CSCtz72910. | 6.8 |
| 2013-10-02 | CVE-2013-5517 | SQL Injection vulnerability in Cisco Unified Communications Domain Manager SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh96567. | 5.5 |
| 2013-10-02 | CVE-2012-4111 | Improper Input Validation vulnerability in Cisco Unified Computing System The create certreq command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86563. | 6.8 |
| 2013-10-02 | CVE-2012-4110 | Improper Input Validation vulnerability in Cisco Unified Computing System run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560. | 6.8 |
| 2013-10-02 | CVE-2012-4109 | Improper Input Validation vulnerability in Cisco Unified Computing System The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86559. | 6.8 |
| 2013-10-02 | CVE-2012-4104 | Path Traversal vulnerability in Cisco Unified Computing System Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary files via a full pathname in an image header, aka Bug ID CSCtq02706. | 6.6 |
| 2013-10-02 | CVE-2012-4103 | Improper Input Validation vulnerability in Cisco Unified Computing System ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02686. | 6.8 |